The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol. – From Central Authentication Service - Wikipedia
It involves one or many clients and one server:
The CAS server is responsible for authenticating users and granting accesses to applications
The CAS clients protect the CAS applications and retrieve the identity of the granted users from the CAS server.
The CAS client will communicate with the CAS Server, it will be responsible to provite authentication to your application. So, it should be integrated somehow inside your application.
From the list of the available clients, you should pick the one that best suits your needs:
NOTE: if building status is failing, you might not be able to use it.
Due to simplicity, Apache CAS Client might be the simplest starting point to test CAS.
On Debian, install
libapache2-mod-auth-cas (CAS authentication module for Apache2):
sudo apt-get install libapache2-mod-auth-cas apache2
After installing, the module should be automatically activated. You need to set a few required parameters in your Apache configuration. That could be done in the file
/etc/apache2/mods-enabled/auth_cas.conf (change it accordingly):
CASCookiePath /var/cache/apache2/mod_auth_cas/ CASLoginURL https://login.example.org/cas/login CASValidateURL https://login.example.org/cas/serviceValidate
Directory block in your Apache configuration:
<Location /secured> Authtype CAS require valid-user </Location
Then, restart apache:
sudo service apache2 restart
The CAS Server is deployed via WAR file into a servlet container.
There is no officially supported servlet container for CAS, but Apache Tomcat is the most commonly used. The following servlet containers are known to work well:
You can install Tomcat with:
sudo apt-get install tomcat8 tomcat8-admin
In order to produce the WAR, you can use the Maven WAR overlay. This is a sample project that creates the WAR file with the CAS server.
sudo apt-get install maven
Now, you have to clone the repository https://github.com/Jasig/cas-overlay-template:
git clone https://github.com/Jasig/cas-overlay-template.git
Then build the project:
cd cas-overlay-template ./mvnw clean package
After the package have been created, it’s time to deploy it in the server. If the process is successful, you should have the file
On Tomcat, you can copy the file to Tomcat’s
sudo cp target/cas.war /var/lib/tomcat8/webapps/
Or, you can access the URL http://localhost:8080/manager and deploy the server trough the section WAR file to deploy.
Now, test the newly deployed server http://localhost:8080/cas
There are plenty of options to CAS server to work with. Check out in Authentication Handlers.
The option we are going to use is LDAP. It is widely used and many applications are already integrated with this service.
First, install the PostgreSQL database server and client. Additionally, you can install also PhpPgAdmin:
sudo apt-get install postgresql postgresql-client phppgadmin
If you need to access to the PhpPgAdmin outside the machine where it is installed, edit the file
/etc/apache2/conf-enabled/phppgadmin.conf, comment the line with
Require local and restart Apache.
Then, define a password for user
postgres and connect the command line client to the server as
sudo passwd postgres su - postgres psql
psql client, run the following queries to create a user and a database for CAS:
CREATE USER casuser WITH PASSWORD 'casuserpass'; CREATE DATABASE cas OWNER casuser;
Quit from the database with command
You can test your PostgreSQL installation from the browser in http://localhost/phppgadmin